95b25c721e29b11f6cd65fe4d9dc31460f89ac6e9d6e25b34e0ae2f246bc96c0

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

b810ef01d82ff6744a63ee2515381212
SHA1

b59c10fe5d196cd1af387d807b8cb01a3584a7b2
SHA256

8612dc17d05f6f878a97df7002247c72ae148f4687a60578649d37405b519a44
SHA512

6d444b223f4d8d0073f6b48883fb4475aaa8ba6dd2fef5888e6e1d24c9303ed25aa75a61e75efa114c799f809627253ccf993f1a576957cb761bdcb54a69ebd2
SSDEEP

3072:SzyXAoiFPpmcyfkMY+BES09JXAnyrZalI+YQ:SzbuBsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0EFED731-1FE9-11EF-8859-DE62917EBCA6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423389000"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2508	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2508	iexplore.exe
2508	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2904	2508	iexplore.exe	28
PID 2508 wrote to memory of 2904	2508	iexplore.exe	28
PID 2508 wrote to memory of 2904	2508	iexplore.exe	28
PID 2508 wrote to memory of 2904	2508	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3231d257e6f7a6a0e0c528d04655406f

SHA1
9dd840fca6bd2b75bd2d5c4d6ff0adc724873314

SHA256
f47bd09f2e45294c48f34502f4a960634e6d2ddddfbe3b5b5a9587881fca1ebc

SHA512
480414c2d3dfd9ed80d66a98d9a920812f3c68c525372de5edd5412c376d0b28f8a711b8259f7185e03f98a54e30841c67137007e4ba8a1625c3805c836d9943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c691037dfde8b44e4b41bfa6b78c26a

SHA1
a43dda660bd70c317afa29ad031d0995ec108860

SHA256
4e2202badca1216abcdf683b8b71fe06e55b3db8423b3eb3e846bb8dd5697a79

SHA512
e36e6b05acaded72fd3e9103dac976102276f7cd403edb33b46e85cc5b11da8c0a3624fc6272eda8cededa249fd7f68025d67dca5f29540a245d85c8a84f0b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be7c1b588b719b53d7575948f8f970a2

SHA1
4bc50eb159b4f1d30a6a9f12e360c5759ebb5d9c

SHA256
cde47cfbbed76bdb93e9140ad3a03336f0fa60c5842cecf7bd36b7d8bf732b48

SHA512
1b21ebe9ee530748d75e5c6f912d86ece3217e070a9920c649600e19a2fc2193e61522f779671927cbc4ba75244f96dd3cfcae6f8edaa190816e79e1d0f38716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35bb83ffe946f7178a98685c460fbf38

SHA1
65dd775436bad86b75a26c495de77a0542729f99

SHA256
db4fd52c586ae4c64f9b5487e52c1f834500facdb733013587dfd36f7ca6cff6

SHA512
9a6a8b39c92a57d96a6232f2c62c90f448b173bda68931ffa011ebda09bdc74a3ec2c133449392aacc8a3d247c761ed7485fc87569a64370194ffba6af7efe1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45f3f12384a9f190bcec12494eb510f2

SHA1
69d54bcb1c78f327e39029a7a7b3226026e944ea

SHA256
61ed2a8d7f3f5a4264a6c6ffc6824e1ef26b7e3c608d0ea1ae264933613fb16b

SHA512
8068faade16eda0b9abddc0483dd9df0a556cfbe072c257836b6f5e555cd25f2760533524c632705cb787af6350f81b30a6e40dcd135dd4fdeeddc602cf11168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8dbd81ffcad21428da6843b9cfdc785a

SHA1
a701562b8c781fadb90fdc028a10f8d54bdebd6c

SHA256
c4a04572cf9b4cac2a2865128f081811ffc0fc186fd7e499cf94307900b16af6

SHA512
fc163f7ccf2b88c41cacf04a4e0bfaba9ce6fc2788d3572b3ac47a99b36dbf5a87d886212a36b5d28ba41d045f7548f62908e35c335a98e59d51d44b98bee69a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f1abe5d4393ecb588ea0d25c1766d9a

SHA1
a9c847ddec1885f41e2a3f36d2ec4775d894a891

SHA256
f162fca876871baaf0f6d47f2a6aea015e81d7f2534ab0f7e7c1b01c364459d7

SHA512
aa7d6ca3b723f556dfd07c09ad4deb97da57f127e92cc740ece998c85cabbbc2d654a2b05dd5bf67ce0df6272f397c75a366b7b3a375ac0a0a0a8e11da647929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18f2bdeaaa285ffea2e31cfe7363c1c2

SHA1
84cf84f5048895834b8d46f9c5474944ddc94eac

SHA256
bc7cb49c413caa52cf75a2c6551c423071a930a30fb287a6f769652908693dcd

SHA512
d156c7f57f989e1e6e2ab37f927257e2534b1e9bb57fbeaa85f06f5975bc4f97950ab2e2d6f1ceb1e3a82ec98a6ea2070181001814a1958de6feb22b259c2fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
226c77810491cf414b89667946c6cfca

SHA1
405abea303986ca4595ccae8f70ae302c896108d

SHA256
cd5194677ffc7d48ea596eb2b5598937b64a84465d90a6623eed7d9540dc2b3b

SHA512
3f286ebb99c1032586a8fd79f677670c0a1afa7f3c197b4be7eef697095994c704e5a720f019c9b791f99a9c6ce63b8e10a5757581e238635978d60e2498dbb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef1c78f57d03f1fc72339505934d859c

SHA1
6a8fcc8edd5ffc5d33c5156c5dce2380b332eced

SHA256
016e25debb0b2607ebd88b912cd7500c2836ff04e5ce287796be0c8fb2efdb4a

SHA512
4c64ff94a5a09020a8f04ee20cbe145f11df6069b1fee4d79016b565517b35ebc2c317dbc2efb195347a9ab8a271f0296006d5dd7e415dab743d23ab62525b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ca559cacc90822405abc8a8cace0369

SHA1
4847dbd1d434127ba371de56be872f06462ad2ee

SHA256
d2c61ffbf150d2b6b8bc670a5fab75324692649640cecb0d95b82721fa7b17df

SHA512
b102469ee58ca38aed89e90e83dcea43d453cbdeb6cbaab4d3c4a7df61d88059ccbfb7d898b4ea6d08444cee3b73f9cb1b50bd9173a025965048efc538d23e30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1528c61431473ddf363bff0f6f5b6a3

SHA1
00459fe4abd1220625e9e1284e6ce6ff02fac7dd

SHA256
8a7ab696ed7a9d833bcd74cb649a16fe3fe3ac96198a904b7256c2c60aa09b11

SHA512
eeaeed70992344936bd552c0314879fef454a37b3867863bf698cce1a57f5b1dc4d739e41433276180951ef6684211a1ac6a3c22f2af61c0f346d9fd4242e019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f9a9bf058b5cfd08e85807f799af45

SHA1
9be3c68daa8e9f28e6be1e6809fe640ab090490e

SHA256
ce24dfa812232fc7dff5f83ca9f73d5f558fe6a7b2e83ef5c36a176f675bc5cf

SHA512
10133f7d48b8b0b4c60fa8f0c70c86ae1488c735ad08e34a2b68e92450b78e8ec38cc41256c2c62137b8aa8ebaa533745489416ed97f086b7c3d26dadf8e554d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad7239501ba5d1597b43025ef7561118

SHA1
5411542d562ae9d720287c19edac03d6e0eacbc5

SHA256
160dd900bd025923903524f7bf72cad65200c6a85c3b06b1cb0e587664ec3b80

SHA512
264f4100dfe0048bc2454114f82da8a5204302285ace4b2ab783a9c7e1d952d22a5df242dcdb29926d704ad7bf4573b0d1e5b7cb60eba9bc752d5089dc9acdb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e427526c155551e1db860b41be25334

SHA1
6f09cca7737ac9b3b472b6ccd759aad8309d22c3

SHA256
1d71538ef799723f1b9e17a174949c407665bf40c73048b4aae2f20033a07754

SHA512
26b175d6f887e45d2c57fea7dd87e2502d2b7b51300bcd62acf25b82693e485d9db0291bec056a4f788a63cf2970621bc370275977127b87099a1e94fbd5b3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4989d35b395c5cf784482f1edfff82f

SHA1
f48a8cd18eea246bee04dac1ca1fd0a6021331d4

SHA256
52f983077349f2965c57c2c5f5cfb5c9fdbc7446a7aec57b73ec70978431e7a1

SHA512
947b8ac1e05061e97b522b875f2af446d12f3a1f082be6b5c09c2ce1831f160a68f42e32daa1f70cff85e43fcd4fd3ee9c0cbb1bf17517bcd26dcdc01dc8e76d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fc0396bd0151e019b76c1030d22b403

SHA1
7711893bd3d7992795c4d2b08bb85f87c0a77d0a

SHA256
319775b851ee57e723c1c502d03402ec4a5f7c120f79988a340eab4b464dd23f

SHA512
a0d9c87b4c5a48245e5adb1a107f278c474a25eab909be282a8ff960ea6e3e0c69c5ed34d1e03198462741419d0539dccc2d6d42f5b6e24ccdf276d4b222dd44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a0f6dd92671e45038b72b2d721d5c30

SHA1
f4a779951f20ba2dff9993b84948c37da831f7e8

SHA256
bb8ca00e29877329e3b07b99d5f6dfe8325b58d06e26c416b9c8aa91e91b47d7

SHA512
be6a476344cea5b543dada5d3abda03e58126e89d48065b170103fe78425afcb5a3c0070e8c3eba0151cbc9f6f10d3b78a57233490c5d1bbb9e1fa8179851545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d0c93b8ec02d41ab48630ef219d7e8f

SHA1
ee00dba9afb572bc43534af23cde59d190554d77

SHA256
3a6d82e0baa7428d0e7be0f67d0362b06b99c508e1769602f6426cef17178624

SHA512
896dd7931e68b0c8669ebc8f3912818d8ad620b50056ab0456156f6f2a2c24b043b8955c433efee62a04f1f30b16fcd56a8f37ee3dcaf449b769edcaf4d9c5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E63.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F21.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F54.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit